gnu-social/vendor/ezyang/htmlpurifier/library/HTMLPurifier/HTMLModule/SafeObject.php

<?php

/**
 * A "safe" object module. In theory, objects permitted by this module will
 * be safe, and untrusted users can be allowed to embed arbitrary flash objects
 * (maybe other types too, but only Flash is supported as of right now).
 * Highly experimental.
 */
class HTMLPurifier_HTMLModule_SafeObject extends HTMLPurifier_HTMLModule
{
    /**
     * @type string
     */
    public $name = 'SafeObject';

    /**
     * @param HTMLPurifier_Config $config
     */
    public function setup($config)
    {
        // These definitions are not intrinsically safe: the attribute transforms
        // are a vital part of ensuring safety.

        $max = $config->get('HTML.MaxImgLength');
        $object = $this->addElement(
            'object',
            'Inline',
            'Optional: param | Flow | #PCDATA',
            'Common',
            array(
                // While technically not required by the spec, we're forcing
                // it to this value.
                'type' => 'Enum#application/x-shockwave-flash',
                'width' => 'Pixels#' . $max,
                'height' => 'Pixels#' . $max,
                'data' => 'URI#embedded',
                'codebase' => new HTMLPurifier_AttrDef_Enum(
                    array(
                        'http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,40,0'
                    )
                ),
            )
        );
        $object->attr_transform_post[] = new HTMLPurifier_AttrTransform_SafeObject();

        $param = $this->addElement(
            'param',
            false,
            'Empty',
            false,
            array(
                'id' => 'ID',
                'name*' => 'Text',
                'value' => 'Text'
            )
        );
        $param->attr_transform_post[] = new HTMLPurifier_AttrTransform_SafeParam();
        $this->info_injector[] = 'SafeObject';
    }
}

// vim: et sw=4 sts=4
Replace htmLawed with HTMLPurifier 2016-01-28 18:57:36 +01:00			`<?php`

			`/**`
			`* A "safe" object module. In theory, objects permitted by this module will`
			`* be safe, and untrusted users can be allowed to embed arbitrary flash objects`
			`* (maybe other types too, but only Flash is supported as of right now).`
			`* Highly experimental.`
			`*/`
			`class HTMLPurifier_HTMLModule_SafeObject extends HTMLPurifier_HTMLModule`
			`{`
			`/**`
			`* @type string`
			`*/`
			`public $name = 'SafeObject';`

			`/**`
			`* @param HTMLPurifier_Config $config`
			`*/`
			`public function setup($config)`
			`{`
			`// These definitions are not intrinsically safe: the attribute transforms`
			`// are a vital part of ensuring safety.`

			`$max = $config->get('HTML.MaxImgLength');`
			`$object = $this->addElement(`
			`'object',`
			`'Inline',`
			`'Optional: param \| Flow \| #PCDATA',`
			`'Common',`
			`array(`
			`// While technically not required by the spec, we're forcing`
			`// it to this value.`
			`'type' => 'Enum#application/x-shockwave-flash',`
			`'width' => 'Pixels#' . $max,`
			`'height' => 'Pixels#' . $max,`
			`'data' => 'URI#embedded',`
			`'codebase' => new HTMLPurifier_AttrDef_Enum(`
			`array(`
			`'http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,40,0'`
			`)`
			`),`
			`)`
			`);`
			`$object->attr_transform_post[] = new HTMLPurifier_AttrTransform_SafeObject();`

			`$param = $this->addElement(`
			`'param',`
			`false,`
			`'Empty',`
			`false,`
			`array(`
			`'id' => 'ID',`
			`'name*' => 'Text',`
			`'value' => 'Text'`
			`)`
			`);`
			`$param->attr_transform_post[] = new HTMLPurifier_AttrTransform_SafeParam();`
			`$this->info_injector[] = 'SafeObject';`
			`}`
			`}`

			`// vim: et sw=4 sts=4`